Keylime Agent: UUID Overwrite via TPM ID Spoof
CVE-2025-13609 Published on November 24, 2025

Keylime: keylime: registrar allows identity takeover via duplicate uuid registration
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the attacker to impersonate the compromised agent and potentially bypass security controls.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-13609 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a high impact on integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

CHANGED

Confidentiality Impact:

LOW

Integrity Impact:

HIGH

Availability Impact:

LOW

Timeline

2025-11-24

Reported to Red Hat.

2025-11-24

Made public.

Weakness Type

Use of Multiple Resources with Duplicate Identifier

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required. If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Products Associated with CVE-2025-13609

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-13609 are published in these products:

Red Hat Enterprise Linux (RHEL)

Keylime

Red Hat Rhel Eus

Red Hat Rhel E4s

Red Hat Enterprise Linux Eus

Affected Versions

Keylime Project keylime:

Before 7.14.0 is affected.

Red Hat Enterprise Linux 10:

Version 0:7.12.1-11.el10_1.3 and below * is unaffected.

Red Hat Enterprise Linux 10.0 Extended Update Support:

Version 0:7.12.1-2.el10_0.4 and below * is unaffected.

Red Hat Enterprise Linux 9:

Version 0:7.12.1-11.el9_7.3 and below * is unaffected.

Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions:

Version 0:6.5.2-6.el9_2.1 and below * is unaffected.

Red Hat Enterprise Linux 9.4 Extended Update Support:

Version 0:7.3.0-13.el9_4.1 and below * is unaffected.

Red Hat Enterprise Linux 9.6 Extended Update Support:

Version 0:7.3.0-15.el9_6.1 and below * is unaffected.

Exploit Probability

EPSS

0.07%

Percentile

21.22%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Keylime Agent: UUID Overwrite via TPM ID SpoofCVE-2025-13609 Published on November 24, 2025